Package: devscripts
Version: 2.17.6+deb9u1~bpo8+1

Paul Wise writes on debian-devel:
> uscan is used in situations where one does not want arbitrary code
> from source packages automatically run by uscan. As long as `uscan
> --safe` ignores that fallback, that should be fine I guess though.

I wasn't aware of uscan --safe.

IMO `--safe' options are bad practice.  That should be the default.
`--unsafe' should be provided for when it is needed.  gs had -dSAFER
which caused many security bugs until eventually it was made the
default.

So the default in uscan should be changed.  Looking at the manual I
think it's possible that some of uscan's behaviours with --safe are
too conservative, but at the very minimum I would expect that by
default, uscan would:
 * not execute arbitrary code from the source package or the network
 * make only likely-to-be-relatively-harmless network connection attempts
   (so https to port 443 is probably OK; gopher to arbitrary ports is not)
 * avoid writing any files with unpredictable names (or names
   too-much-controlled by the source package or the network)

Thanks,
Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
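The three defaults asked for above (no arbitrary code execution, only https on port 443, no attacker-steered output filenames) can be expressed as a small policy layer with an explicit opt-out. The following is an added example written for this page; it is not uscan's code, and the function names, the `unsafe` flag and the filename rule are assumptions chosen to illustrate the safe-by-default pattern, not uscan's actual `--safe` semantics.

```python
"""Safe-by-default checks for a download/watch step (illustrative example,
not uscan's own code). The default policy refuses anything not on a short
allow-list; unsafe=True is the explicit opt-out equivalent to an --unsafe flag."""
import re
from urllib.parse import urlsplit

# Assumption: only https, and only on its standard port, is "likely harmless".
SAFE_SCHEMES = {"https": 443}

# Assumption: steps that merely fetch and verify are safe; anything that runs
# code taken from the source package or the network is not.
SAFE_ACTIONS = {"download", "verify-signature"}

# Plain basename: starts alphanumeric, then a conservative character set.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+~-]*$")


def url_allowed(url, unsafe=False):
    """True if the URL may be fetched. By default only https to port 443
    (explicit or implied) passes; unsafe=True accepts any scheme and port."""
    parts = urlsplit(url)
    if unsafe:
        return bool(parts.scheme and parts.netloc)
    if parts.scheme not in SAFE_SCHEMES or not parts.hostname:
        return False
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return port is None or port == SAFE_SCHEMES[parts.scheme]


def action_allowed(kind, unsafe=False):
    """True if a watch step of this kind may run under the current policy.
    Code execution ("run") is refused unless the caller opted into unsafe."""
    return unsafe or kind in SAFE_ACTIONS


def filename_allowed(name, package):
    """Accept an output filename only if it is a plain basename with no path
    separators or traversal components, and is tied to the package name so the
    remote side cannot pick where (or as what) the file is written."""
    if not name or name in (".", "..") or any(c in name for c in "/\\\0"):
        return False
    if not SAFE_NAME.match(name):
        return False
    return name.startswith(package + "-") or name.startswith(package + "_")


def check_download(url, name, package, action="download", unsafe=False):
    """Run all three checks and return the list of policy violations
    (an empty list means the step is permitted)."""
    problems = []
    if not action_allowed(action, unsafe):
        problems.append("action %r would execute untrusted code" % action)
    if not url_allowed(url, unsafe):
        problems.append("url %r is not https on port 443" % url)
    if not filename_allowed(name, package):
        problems.append("filename %r is not a safe, package-bound basename" % name)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs (not from any real watch file).
    samples = [
        ("https://example.org/foo-1.2.tar.gz", "foo-1.2.tar.gz", "download"),
        ("gopher://example.org:7070/foo", "foo-1.2.tar.gz", "download"),
        ("https://example.org/foo-1.2.tar.gz", "../foo-1.2.tar.gz", "download"),
        ("https://example.org/foo-1.2.tar.gz", "foo-1.2.tar.gz", "run"),
    ]
    for url, name, action in samples:
        verdict = check_download(url, name, "foo", action)
        print(url, name, action, "->", "OK" if not verdict else "; ".join(verdict))
```

The point of the shape is that every check defaults to refusal and the opt-out is one named parameter, so a caller who wants the riskier behaviour has to ask for it by name, which is the inversion the message argues for.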
